Adware.Lop.BJ
SYMPTOMS: DomPlayer directory in %WINDOWS%\Program Files\TECHNICAL DESCRIPTION: This program will use social engineering to make you give them money.Infection comes like this: You download a media file from torrents, usually are used well known movie names/ TV shows or fake names, you want to watch the video, and you will be informed that you can't watch that video because you need to download a "magical" video player so called DomPlayer. This is possible because the media file is coded to be viewed only with DomPlayer. After you download DomPlayer, the action begins:The installer kit will connect to sms.wakenet.se The link will be: sms.wakenet.se/sms_purchase.php?AppName=DomPlayer[......]MacName=XX-XX-XX-XX-XX-XX (where XX-XX-XX-XX-XX-XX represents the MAC address)Will detect your location, using your IP address, and will direct you to a telephone hotline appropriate to your country and will instruct you to send a SMS to "activate" your player. Of course, the SMS will cost you extra money. If your country is not in their list, they will recommend you to download a Free 3wPlayer instead, after apologizing you that they couldn't rip you off. Of course 3wPlayer is a well known bad player that comes bundled with malware. (Trojan.FatObfus) Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: Marius TIVADAR, jr. virus researcher |
